
Serious Malware and Trojan Problem [RESOLVED]

Jaereloaded

Posted 23 February 2008 - 08:32 PM


Hi... to anyone who can help me.
I'll just try to explain what is going on with the computer... and maybe you guys will know what the solution is...

Of course I get pop ups and "Critical error messages." In the "My Documents" folder as well as other folders, there are like twenty thousand .tmp files that I can't delete. Of course it's taking up so much space on my computer.... The anti virus software that I have is so old it has no effect on anything. So I buy a new anti-virus program, and it says I don't have enough memory to add the program.... Can someone help me... without having to completely reinstall Windows... I don't want to lose any of my programs or music....

Event Record #/Type 332 / Error
Event Submitted/Written: 01/04/2008 04:30:29 PM
Event ID/Source: 11704 / MsiInstaller
Event Description: Product: Microsoft Office XP Professional with FrontPage -- Error 1704. An installation for QuickTime is currently suspended. You must undo the changes made by that installation to continue. Do you want to undo those changes?

kahdah

Posted 23 February 2008 - 09:45 PM

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.

When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.

Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Return to OTMoveIt2, right click in the "Paste List Of Files/Patterns To Search For and Move" window (under the yellow bar) and choose Paste.

Click the red Moveit! button.

A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.

Close OTMoveIt2

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Keep that log to post with the other log.

========================================

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select "Perform Full Scan", then click Scan.

The scan may take some time to finish, so please be patient.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Copy & Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Jaereloaded

Posted 24 February 2008 - 02:21 PM

kahdah

Posted 24 February 2008 - 02:22 PM


ok.

You have a downloader trojan called Downloader.Agent.awf or Downloader.Agent.ayy. This trojan replaces legitimate files that are common on most computers with an infected file. It then moves the legitimate file to a "bak" or backup folder. Please follow the directions below to run FindAWF so we can identify the files that have been infected and the backups, then restore them.